github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
10,081 Commits 3 Branches 2 Tags 112 MiB
adee2c7974
Commit Graph

1040 Commits

Author SHA1 Message Date
Lantao Liu
d3cacff8e1 Move context cancel into defer. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-07-25 15:00:43 -07:00
Lantao Liu
74d2b6947c
Merge pull request #1152 from jterry75/deadline_exceeded 
Return gRPC codes.DeadlineExceeded for all timeout operations
 2019-07-25 14:58:29 -07:00
Mike Brown
d2986eb5aa
Merge pull request #1187 from alculquicondor/feature/tcp 
Add option to register on TCP server
 2019-07-25 16:36:05 -05:00
Aldo Culquicondor
4b43303203 Add option to register on TCP server 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2019-07-25 09:42:49 -04:00
Brandon Lum
3d1fa69694 Implemented constructors for both encryption and decryption 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2019-07-24 22:19:39 -04:00
Brandon Lum
05a2b63e84 Create CryptoConfig constructors in place of dcparameters 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2019-07-24 21:51:47 -04:00
Lantao Liu
fe0cb22026 Do not cache image handler. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-07-24 15:38:18 -07:00
Stefan Berger
364de4c35d Wrap creation of CryptoConfig in constructors 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
 2019-07-23 19:53:23 -04:00
Derek McGowan
dde436e65b Crypto library movement and changes to content helper interfaces 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
 2019-07-17 15:21:29 -04:00
Justin Terry (VM)
7b0c78bacd ExecSync should block unless client context is canceled 
A call to ExecSync should only return if the client context was canceled or
exceeded. The Timeout parameter to ExecSyncRequest is now used to send SIGKILL
if the exec'd process does not exit within Timeout but all paths wait for the
exec to exit.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-07-16 09:47:55 -07:00
Justin Terry (VM)
71cecedc44 StopContainer should block unless client context is canceled 
A call to StopContainer should only return if the client context is canceled or
its deadline was exceeded. The Timeout parameter on StopContainerRequest is now
used as the time AFTER sending the stop signal before the SIGKILL is delivered.
The call will remain until the container has exited or the client context has
finished.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-07-16 09:44:23 -07:00
Justin Terry (VM)
d7c3ecd0fb RunPodSandbox should block unless client context is canceled 
A call to RunPodSandbox should only return timeout if the operation has timed
out because the clients context deadline was exceeded. On client cancelation
it should return gRPC Canceled otherwise it should block until the sandbox has
exited.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-07-16 09:35:56 -07:00
Maksym Pavlenko
ef7f46eb7b Fix linter errors 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-07-14 20:49:40 -07:00
Michael Crosby
6601b406b7 Refactor runtime code for code sharing 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-07-08 11:47:53 -04:00
Justin Terry (VM)
cfeb2fed81 Return gRPC errors from instrumetedService 
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-06-19 10:11:18 -07:00
Lantao Liu
bb020275cb
Merge pull request #1170 from Random-Liu/remove-ctr-cri-load 
Remove ctr cri load
 2019-06-12 14:41:49 -07:00
Lantao Liu
4a417fb083
Merge pull request #1171 from Random-Liu/add-http-proxy-support 
Fix http proxy ENV when TLS is enabled.
 2019-06-12 14:40:58 -07:00
Lantao Liu
322cd48965 Remove load image support 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-06-12 11:14:11 -07:00
Lantao Liu
55e5ce0e95 Fix http client when TLS is enabled. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-06-12 11:09:53 -07:00
Lantao Liu
78b4a39f5b
Merge pull request #1163 from Random-Liu/config-v2 
Use the new v2 config
 2019-06-12 10:29:11 -07:00
Lantao Liu
b3f733f0ad
Merge pull request #1166 from mikebrow/doc-cni-maxnum 
doc update for cni max num
 2019-06-11 10:55:28 -07:00
Mike Brown
3ba04c01cc doc update for cni max num 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-06-11 08:35:22 -05:00
Lantao Liu
150232325e Use v2 config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-06-10 20:51:18 -07:00
Lantao Liu
66d1870d25 Add cri managed image label when pulling the image. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-06-10 15:13:38 -07:00
Lantao Liu
53c71e2b10
Merge pull request #1155 from kuramal/cni_plugin_conf_file_max_num 
add cni plugin config file max num config
 2019-06-10 10:14:35 -07:00
Mike Brown
bc3b49efdf
Merge pull request #1160 from Random-Liu/remove-unused-todo 
Remove an unused TODO.
 2019-06-10 16:21:42 +02:00
kuramal
b022de5f37 add cni plugin config file max num config, set go-cni to commit 22460c0 
Signed-off-by: kuramal <linxxnil@126.com>
 2019-06-10 12:14:35 +08:00
Lantao Liu
770621fe7a
Merge pull request #1158 from mikebrow/cni-debug-update 
adds cni config data to the cri status/info
 2019-06-07 16:46:04 -07:00
Lantao Liu
09f83a337f Remove an unused TODO. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-06-07 15:42:04 -07:00
Vlad Ungureanu
60a58af376 Add TLS auth registry support 
Signed-off-by: Vlad Ungureanu <ungureanuvladvictor@gmail.com>
 2019-06-06 14:55:53 -07:00
Mike Brown
b87c0d74a5 adds cni config data to the cri status/info 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-06-05 16:39:45 -05:00
Justin Terry (VM)
b8ea1fa177 Minor typo in toCNIBandWidth 
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-05-30 11:51:10 -07:00
Lantao Liu
35e9f39991
Merge pull request #1151 from johscheuer/add-bandwidth-capability 
Initial support for traffic shaping
 2019-05-30 10:28:06 -07:00
Johannes M. Scheuermann
5e2e7c6f7d Correct Egress limits and remove unnecessary check 
Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>
 2019-05-30 11:44:05 +02:00
Johannes M. Scheuermann
4f0948eed5 Remove capitalized letter in error message 
Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>
 2019-05-29 08:20:21 +02:00
Lantao Liu
d257c16dbc Make sure exec process is killed when context is canceled. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-05-28 12:25:03 -07:00
Justin Terry (VM)
f544955e4a Update parseDNSOptions maxDNSSearches in error message 
Minor correctness. We should use the value of the const in the error message
instead of hard coding it in the string so if maxDNSSearches ever changes so
does the error.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-05-24 14:42:56 -07:00
Johannes M. Scheuermann
0d439c3474 Implement bandwidth capabilties 
Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>
 2019-05-24 10:29:52 +02:00
Johannes M. Scheuermann
42eb3c49af Initial support for traffic shaping 
Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>
 2019-05-24 09:01:02 +02:00
Derek McGowan
25daa7355c
Merge pull request #3192 from thaJeztah/bump_grpc_1.19.1 
bump google.golang.org/grpc v1.20.1
 2019-05-22 11:58:52 -07:00
Maksym Pavlenko
7f79fbb245 Move ttrpc client to pkg/ttrpcutil 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-05-20 16:44:49 -07:00
Lantao Liu
6e14e01307
Merge pull request #1148 from congliu01/log 
Override container log path to empty if either of sandbox log directory or container log path is empty.
 2019-05-14 15:50:20 -07:00
Cong Liu
fda2902f30 Validate log paths in sandbox and container config. 
Only compose full container log path if neither of the paths is empty. Otherwise container won't start properly.

Signed-off-by: Cong Liu <conliu@google.com>
 2019-05-14 13:46:52 -04:00
Lantao Liu
ebce49f0ea
Merge pull request #1145 from jterry75/fix_typo 
Fix typo in WithoutRunMount
 2019-05-12 23:55:06 -07:00
Justin Terry (VM)
8ba5c02f8f Fix typo in WithoutRunMount 
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-05-10 13:30:22 -07:00
Lantao Liu
179ca59478
Merge pull request #1147 from jterry75/unix_to_syscall_signal 
Move from unix to syscall package for SIG* signals
 2019-05-10 13:14:10 -07:00
Justin Terry (VM)
c1468cdeec Move from unix to syscall package for SIG* signals 
To support cross compilation for SIG* signals perfer the syscall package over
the unix package.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-05-10 11:50:45 -07:00
Justin Terry (VM)
bc445d7595 Forward sandbox config to PullImage request 
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-05-10 11:35:09 -07:00
Lantao Liu
4037806184 Log failed registry mirror attempt in debug. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-05-08 23:56:29 -07:00
Sebastiaan van Stijn
2ed8e60fa1
bump google.golang.org/grpc v1.20.1 
full diff: https://github.com/grpc/grpc-go/compare/v1.12.2...v1.20.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-05-05 12:39:23 -07:00
Lantao Liu
ba4a04ae70 Add DefaultRuntimeName option. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-18 11:18:25 -07:00
Lantao Liu
a5c5d55c90
Merge pull request #1133 from Random-Liu/use-wait 
Use wait instead of `TaskExit`.
 2019-04-18 11:10:21 -07:00
Lantao Liu
d1f9611cb0 Use wait instead of TaskExit. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-18 00:18:26 -07:00
Lantao Liu
e425bd019a Update go-cni to 891c2a41e18144b2d7921f971d6c9789a68046b2. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-10 12:07:59 -07:00
Lantao Liu
fae4f79060 Enable runc.v2 as the default runtime in test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-03 18:47:25 -07:00
Lantao Liu
b23b406fed
Merge pull request #1102 from Random-Liu/uts-namespace-and-fix-array 
Uts namespace and fix array
 2019-04-01 09:22:37 -07:00
Sebastiaan van Stijn
7b397f0322
bump opencontainers/selinux to v1.2 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-03-29 01:33:35 +01:00
Lantao Liu
4b4182cf59 Do not assume there is no duplicated elements in arrays. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-28 13:05:55 -07:00
Lantao Liu
9bd49c98c6 No UTS namespace for hostnetwork. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-27 15:07:36 -07:00
Lantao Liu
8777224600
Merge pull request #1099 from Random-Liu/do-not-kill-if-cancelled 
Do not SIGKILL container if container stop is cancelled.
 2019-03-27 14:55:18 -07:00
Michael Crosby
5eddc1a2cc Use container'd oci opts for spec generation 
This bumps the containerd and sys packages in CRI

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Remove runtime-tools

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Update tests for oci opts package

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-03-27 16:57:04 -04:00
Lantao Liu
1a0228d520 Do not SIGKILL container if container stop is cancelled. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-27 00:49:41 -07:00
Lantao Liu
238658719f Cleanup pod annotation test and only support tailing wildcard. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-25 12:54:34 -07:00
Harshal Patil
effd82227c Add support for passing sandbox annotations to runtime 
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
 2019-03-21 14:38:14 +05:30
Mike Brown
bf4e7a885c test filtering of container create masks when privileged 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-03-14 08:17:56 -05:00
Lantao Liu
3691cb6550 Fix /etc/hostname backward compatibility issue for in-place upgrade. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-12 01:17:41 -07:00
Lantao Liu
25442a865c
Merge pull request #1080 from zhsj/rm-partial-docker 
Use ParseSignal and AtomicWriteFile functions from containerd
 2019-03-08 10:53:05 -08:00
Lantao Liu
8a0bd84b9a
Merge pull request #1056 from Random-Liu/add-sandbox-log-dir-annotation 
Add an OCI annotation for sandbox log directory.
 2019-03-08 01:32:38 -08:00
Shengjing Zhu
c6729fe0c4 Use ParseSignal and AtomicWriteFile functions from containerd 
Containerd has its own ParseSignal and AtomicWriteFile implementation.
So there's no need to use these function from github.com/docker/docker.

Signed-off-by: Shengjing Zhu <i@zhsj.me>
 2019-03-08 00:51:04 +08:00
Lantao Liu
9eabcf525e Add an OCI annotation for sandbox log directory. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-06 16:43:36 -08:00
Lantao Liu
0464298b1e Use clean path for map and comparison. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-03 21:19:50 -08:00
Lantao Liu
210e80289b
Merge pull request #1055 from Random-Liu/use-right-sandbox-config 
Use the correct sandbox config.
 2019-02-28 13:02:39 -08:00
Lantao Liu
f2f90f6b00
Merge pull request #1060 from Random-Liu/support-stream-idle-timeout 
Support stream idle timeout.
 2019-02-28 10:28:27 -08:00
Lantao Liu
8222da7768 Support stream idle timeout. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-28 01:30:01 -08:00
haiyanmeng
9dea9d39f5
Add RuntimeHandler into PodSandbox and PodSandboxStatus 
The upstream CRI change: https://github.com/kubernetes/kubernetes/pull/73833

Signed-off-by: Haiyan Meng <haiyanmeng@google.com>
 2019-02-27 16:49:35 -08:00
Lantao Liu
87dba924de Use the correct sandbox config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-22 15:37:07 -08:00
Lantao Liu
b2cd840042
Merge pull request #1045 from Random-Liu/fix-env-performance-issue 
Fix env performance issue
 2019-02-12 11:03:33 -08:00
Lantao Liu
877c1cadc1 Include default envs from containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-12 10:29:45 -08:00
Lantao Liu
9e2ce3494d
Merge pull request #1042 from Random-Liu/etc-hostname 
Set /etc/hostname.
 2019-02-12 10:15:11 -08:00
Lantao Liu
ec6dd37691 Add env cache. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-12 03:02:20 -08:00
Lantao Liu
89717d0b63 Don't log config at info level. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-12 02:07:53 -08:00
Lantao Liu
089d4fbfb8 Set /etc/hostname. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-12 00:18:00 -08:00
Sebastiaan van Stijn
51affb8839
Replace util.NormalizeImageRef with reference.ParseDockerRef 
Using the utility caused other project to have containerd/cri
as a dependency, only for this utility. The new `reference.ParseDockerRef`
function does the same (it's a copy of this function).

Tests were kept for now, but could be removed in future.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-02-07 13:22:58 +01:00
Lantao Liu
83af4dad87 Support unknown state for sandbox and container 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-05 11:56:24 -08:00
Lantao Liu
4dc6f6d0b5 Add state machine for sandbox and container 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-05 11:56:24 -08:00
Lantao Liu
bfd25c80b4 Change StateUnknown to StateInit 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-04 11:24:49 -08:00
Iskander (Alex) Sharipov
dfebb404cb
remove excessive []byte(s) conversion 
`copy` permits using to mix `[]byte` and `string` arguments without
explicit conversion. I removed explicit conversion to make the code simpler.

Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>
 2019-01-28 19:50:28 +03:00
Lantao Liu
4dd6735020
Merge pull request #1029 from Random-Liu/add-runtime-config-api 
Add a generic runtime options api.
 2019-01-24 17:36:20 -08:00
Lantao Liu
bf00de33a5
Merge pull request #1025 from JoeWrightss/patch-4 
Fix some typos in comment
 2019-01-24 11:17:33 -08:00
Lantao Liu
d9914c8dbd Always fallback to the new runtime options. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-01-24 00:59:02 -08:00
Lantao Liu
42aba00a31 Add runtime config api. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-01-24 00:59:02 -08:00
Lantao Liu
556b219450 Fix lint error. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-01-23 18:14:34 -08:00
Lantao Liu
50ac40097e Fix the log ending newline handling. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-01-23 17:23:13 -08:00
Wei Fu
132ee9b826 fix: linter issue 
megacheck, gosimple and unused has been deprecated and subsumed by
staticcheck. And staticcheck also has been upgraded. we need to update
code for the linter issue.

close: #2945

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2019-01-23 22:54:51 +08:00
zhoulin xie
ae1b7ac4fd Fix some typos in comment 
Signed-off-by: zhoulin xie <zhoulin.xie@daocloud.io>
 2019-01-17 15:50:46 +08:00
Lantao Liu
b1ad4ee9b6 Add unit test for DisableCgroup, RestrictOOMScoreAdj. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-01-03 10:47:34 -08:00
Lantao Liu
0fa8668aa4
Merge pull request #970 from AkihiroSuda/rootless 
support DisableCgroup, DisableApparmor, RestrictOOMScoreAdj
 2019-01-03 10:14:22 -08:00
Lantao Liu
1fbd06479e
Merge pull request #1010 from teawater/fix_crash 
Fix the issue that pod or container config file without metadata will…
 2019-01-03 10:10:26 -08:00
Hui Zhu
3bfef01589 Fix the issue that pod or container config file without metadata will crash containerd 
Because RunPodSandbox and CreateContainer will access metadata
without check, pod or container config file without metadata will
crash containerd.

This patch add checks to handle the issue.

Fixes: #1009

Signed-off-by: Hui Zhu <teawater@hyper.sh>
 2019-01-03 11:02:10 +08:00
Akihiro Suda
cd8231ab2a support DisableCgroup, DisableApparmor, RestrictOOMScoreAdj 
Add following config for supporting "rootless" mode

* DisableCgroup: disable cgroup
* DisableApparmor: disable Apparmor
* RestrictOOMScoreAdj: restrict the lower bound of OOMScoreAdj

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2019-01-03 05:12:04 +09:00
Lantao Liu
4b4b2abb2e
Merge pull request #1000 from Random-Liu/teardown-network-after-stop 
Teardown sandbox network after stop.
 2019-01-02 10:04:56 -08:00
JoeWrightss
55fb3b9fce Fix return error message 
Signed-off-by: JoeWrightss <zhoulin.xie@daocloud.io>
 2018-12-30 18:08:04 +08:00
Lantao Liu
fbab182e5e Teardown sandbox network after stop. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-12-14 15:52:17 -08:00
Mike Brown
cd3d5c7992
Merge pull request #993 from JoeWrightss/patch-2 
Fix some typo errors
 2018-12-11 07:49:27 -08:00
JoeWrightss
d53bcba991 Fix some typo errors 
Signed-off-by: JoeWrightss <zhoulin.xie@daocloud.io>
 2018-12-11 22:13:03 +08:00
Lantao Liu
ec6a1eab11
Merge pull request #991 from Random-Liu/remove-container-lifecycle-image-dependency 
Remove container lifecycle image dependency
 2018-12-07 17:03:57 -08:00
Lantao Liu
515ef02473 Remove container lifecycle image ref dependency. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-12-07 10:40:21 -08:00
JoeWrightss
37085692e2 fix spelling error: contaner -> container 
Signed-off-by: JoeWrightss <zhoulin.xie@daocloud.io>
 2018-12-07 22:56:09 +08:00
Lantao Liu
db0c4dea24
Merge pull request #984 from mikebrow/ignore-exits-with-no-id 
filter events for non k8s.io namespaces
 2018-12-05 00:10:41 -08:00
Mike Brown
b59dd55966 filter namespace 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-12-04 16:51:24 -06:00
Lantao Liu
de967051d4 Fix kill when shared pid namespace. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-12-04 01:53:09 -08:00
Mike Brown
f8e89f71a9 adds cni results to verbose pod info 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-11-26 15:57:00 -06:00
Lantao Liu
80554f4a85
Merge pull request #973 from Random-Liu/use-event-id 
Use the `ID` field of `TaskExit` event.
 2018-11-12 17:02:34 -08:00
Lantao Liu
7f1f4e7a14 Remove invalid TODO comment. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-11-12 14:34:36 -08:00
Lantao Liu
d4c825f905 Use the ID field of TaskExit event. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-11-12 14:30:27 -08:00
Lantao Liu
459e481808 Update code for golang 1.11 gofmt. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-11-07 16:08:58 -08:00
Mike Brown
1b3ff7462e removes authconfit from info log 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-10-29 21:17:15 -05:00
Lantao Liu
c1740d8291 Manage mount lifecycle and remove cached state 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-24 11:00:25 -07:00
Starnop
22a8777a9e refactor: setup network after get Sandbox runtime 
Signed-off-by: Starnop <starnop@163.com>
 2018-10-17 16:35:45 +08:00
Lantao Liu
84775d2c10 Add integration test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-11 10:32:19 -07:00
Lantao Liu
c39f63eaf4 Teardown pod network even if the network namespace is closed 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-10 13:10:18 -07:00
Lantao Liu
70da14e4b3
Merge pull request #943 from Random-Liu/support-per-runtime-config 
Support runtime specific configurations.
 2018-10-09 08:09:12 -07:00
Lantao Liu
1442425f92 Support runtime specific configurations. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-08 17:17:29 -07:00
Lantao Liu
3e4cf68a3f Use Authorizer. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-08 15:16:15 -07:00
JulienBalestra
27f33cd4d6
cni result: add a debug message 
Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
 2018-10-03 17:19:51 +02:00
Akihiro Suda
5349fa31df remove pkg/testutil/loopback_linux.go and use continuity/testutil/loopback 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-10-02 13:12:25 +09:00
Lantao Liu
db68300a5a Manage unmanaged images in k8s.io namespace 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-27 11:19:11 -07:00
Lantao Liu
963a01735b Add timeout for container/sandbox recover and event monitor. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-26 15:23:15 -07:00
Lantao Liu
4b45e16a4b Show runtime handler in sandbox debug info. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-16 21:27:51 -07:00
Lantao Liu
ca3b806b5c Fix addition group ids. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-13 16:31:32 -07:00
Lantao Liu
f540c2a74d Skip sctp protocol hostport mapping. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-11 16:32:15 -07:00
Lantao Liu
fe0cd3672b
Merge pull request #865 from Random-Liu/cache-image-reference 
Cache image reference
 2018-09-10 16:21:57 -07:00
Lantao Liu
953d67d250 Create image reference cache. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-10 11:30:52 -07:00
Lantao Liu
f08a90ff64 Fix hostname env. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-10 10:58:17 -07:00
Lantao Liu
cfdf872493
Merge pull request #891 from tallclair/runtimehandler 
Add RuntimeHandler support
 2018-09-10 10:09:57 -07:00
Lantao Liu
eb3d3cfc5e Revert "Add HOSTNAME to env by default for pod containers" 
This reverts commit 4c3e195db3.

Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-06 15:30:53 -07:00
Lantao Liu
db8500d10c
Merge pull request #892 from Random-Liu/fix-volume-mount-order 
Sort volume mount.
 2018-09-06 14:44:45 -07:00
Tim Allclair
e7189a25c3
Add RuntimeHandler support 
Signed-off-by: Tim Allclair <tallclair@google.com>
 2018-09-05 17:27:35 -07:00
Lantao Liu
67c0b3e5e2
Merge pull request #894 from Random-Liu/support-masked-readonly-paths 
Support masked readonly paths
 2018-09-05 10:32:40 -07:00
Phil Estes
4c3e195db3
Add HOSTNAME to env by default for pod containers 
To match expectations of users coming from Docker engine runtime, add
the HOSTNAME to the environment of new containers in a pod.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2018-09-05 12:04:40 -04:00
Lantao Liu
3e4cec8739 Add MaskedPaths and ReadonlyPaths support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-04 23:49:16 -07:00
Lantao Liu
063f8158f8 Sort volume mount. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-04 22:43:37 -07:00
Lantao Liu
49877571e9
Merge pull request #886 from DataDog/JulienBalestra/tls-stream 
stream: can use user certificates
 2018-09-03 23:35:18 -07:00
JulienBalestra
dffd0dfa0e
streaming: tls conf validation to func with tests 
Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
 2018-08-30 15:10:48 +02:00
JulienBalestra
859003a940
stream: struct for x509 key pair, update the docs, error management 
Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
 2018-08-28 17:22:11 +02:00
JulienBalestra
b82b524260
stream: can use user certificates 
Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
 2018-08-27 19:26:14 +02:00
Lantao Liu
bca304ff3e Fix an issue that container/sandbox can't be stopped. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-08-24 18:54:08 -07:00
Lantao Liu
58eb04550d
Merge pull request #873 from miaoyq/verify-selinux-level 
Verify selinux level format
 2018-08-13 18:57:01 -07:00
Yanqiang Miao
a87bda08c0 update selinux to b6fa367 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-08-14 08:33:43 +08:00
Yanqiang Miao
415727cd9f verify selinux level format 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-08-14 08:33:34 +08:00
Lantao Liu
6379fd0346 Update containerd to b9eeaa1ce8. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-08-09 01:53:44 -07:00
Lantao Liu
e1a37e8797 Unpack image during import. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-26 07:48:41 +00:00
Lantao Liu
a0cfc8c1d2
Merge pull request #857 from egernst/untrusted-priv 
sandbox: separate host accessing workload and privileged
 2018-07-24 12:11:41 -07:00
Eric Ernst
9a01272dc2 sandbox: separate host accessing workload and privileged 
VM isolated runtimes can support privileged workloads. In this
scenario, access to the guest VM is provided instead of the host.
Based on this, allow untrusted runtimes to run privileged workloads.

If the workload is specifically asking for node PID/IPC/network, etc.,
then continue to require the trusted runtime.

This commit repurposes the hostPrivilegedSandbox utility function to
only check for node namespace checking.

Fixes: #855

Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2018-07-22 16:51:22 -07:00
Lantao Liu
b3d6f16383 Serve streaming on localhost by default to match k8s 1.11 default. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-21 01:10:45 +00:00
yanxuean
7065dd81f9 support no_pivot option for runc 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-07-20 08:46:50 +08:00
Lantao Liu
7beac6fcc1
Merge pull request #849 from dmcgowan/remove-stringid 
Replace stringid call with simple random reader
 2018-07-12 18:32:28 -07:00
Derek McGowan
cce0a46c8a
Seed random on ctr and containerd startup 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
 2018-07-12 17:51:55 -07:00
Derek McGowan
1984e451d5 Replace stringid with simple rand reader 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
 2018-07-12 16:40:45 -07:00
Lantao Liu
e4ad68098e Remove pkg/containerd/resolver package. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-09 19:08:48 -07:00
Lantao Liu
952e53bf58 Add registry auth config, and use docker resolver in containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-09 19:08:48 -07:00
Lantao Liu
4eb4a29577
Merge pull request #825 from abhi/cni_config 
Change to keep in sync with latest cni config
 2018-06-21 16:14:31 -07:00
Abhinandan Prativadi
263b0b99d0 Change to keep in sync with latest cni config 
This commit contains change to pick the latest cni config
from the configured CNIConfDir.
With this change any changes made to the cni config file will
be picked up on the kubelet's runtime status check call.
Ofcourse this would lead to undefined behavior when the cni config
change is made in parallel during pod creation. However its
reasonable to assume that the operator is aware of the need to
drain the nodes of pods before making cni configuration change.
The behavior is currently not defined in kubernetes. However
I see that similar approach being adopted in the upstream kubernetes
with dockershim. Keeping the behavior consistent for now.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2018-06-21 20:43:38 +00:00
Filipe Brandenburger
01d77d44f5 Update github.com/opencontainers/runtime-tools to v0.6.0 
Also add new dependencies on github.com/xeipuuv/gojson* (brought up by
new runtime-tools) and adapt the containerd/cri code to replace the APIs
that were removed by runtime-tools.

In particular, add new helpers to handle the capabilities, since
runtime-tools now split them into separate sets of functions for each
capability set.

Replace g.Spec() with g.Config since g.Spec() has been deprecated in the
runtime-tools API.

Signed-off-by: Filipe Brandenburger <filbranden@google.com>
 2018-06-20 13:52:50 -07:00
Lantao Liu
b60e456bd9 Fix snapshotter nil panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-20 00:43:44 +00:00
Lantao Liu
e3d57d240f
Merge pull request #761 from Random-Liu/add-log-max-size 
Add log max size
 2018-06-15 15:56:04 -07:00
Lantao Liu
53f1ab4145 Fix double /dev/shm mount. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-14 19:03:19 -07:00
Lantao Liu
405f57f8e0 Add max_container_log_size 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-14 14:24:17 -07:00
Lantao Liu
46d621e4ac Support Cmd for sandbox container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-12 14:38:55 -07:00
Lantao Liu
b7aac6396d
Merge pull request #811 from Random-Liu/fix-volume-ownership 
Fix empty volume ownership.
 2018-06-11 10:42:04 -07:00
Lantao Liu
c55776377f Fix empty volume ownership. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-11 08:40:35 +00:00
Lantao Liu
c9216531ce Revert "Use pod ip instead of localhost in pod netns for portforward." 
This reverts commit dd886bc281.

Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-11 07:35:32 +00:00
Lantao Liu
d7abb5b489
Merge pull request #807 from Random-Liu/log-task-exit-event 
Log task exit event.
 2018-06-08 20:07:04 -07:00
Lantao Liu
5a1105c614
Merge pull request #808 from Random-Liu/erase-ambient-caps 
Erase ambient capabilities.
 2018-06-08 20:06:34 -07:00
Lantao Liu
dd886bc281 Use pod ip instead of localhost in pod netns for portforward. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-08 18:26:06 -07:00
Lantao Liu
b367f30097 Erase ambient capabilities. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-08 14:37:05 -07:00
Vincent Demeester
832b05ae67
Update tests to use gotest.tools angel 
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
 2018-06-08 21:02:01 +02:00
Lantao Liu
e4e2585431 Log task exit event. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-08 08:33:12 +00:00
Lantao Liu
83e6b65566 Select ipv4 first if there is one. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-05 18:25:03 +00:00
Lantao Liu
0faff1c22f Fix ctr cri timeout. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-05 01:24:28 +00:00
Akihiro Suda
097249054d vendor containerd (#2135) 
For containerd/containerd#2135

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-06-02 23:10:59 +09:00
Lantao Liu
578b34f112
Merge pull request #794 from Random-Liu/panic-for-cri-start-failure 
Generate fatal error when cri plugin fail to start.
 2018-05-31 13:21:16 -07:00
Lantao Liu
b870ee7942 Generate fatal error when cri plugin fail to start. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-31 10:49:11 -07:00
Lantao Liu
b68fb075d4
Merge pull request #793 from Random-Liu/port-containerd-fix-#2364 
Port docker resolver fix #2364.
 2018-05-31 01:03:00 -07:00
Lantao Liu
0fae42b9b8 Port docker resolver fix #2364. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-30 17:25:46 -07:00
Evan Hazlett
d7d2212324 vendor bump 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

containerd: linux -> runtime/linux

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

fix utils to properly format vendor repo

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

test fixup

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2018-05-30 19:51:24 -04:00
Wei Fu
e28b77c08c Remove useless error-check in createImageReference 
Signed-off-by: Wei Fu <fhfuwei@163.com>
 2018-05-25 10:23:13 +08:00
Lantao Liu
60b0d08a6f Use containerd.WithPullUnpack. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-23 12:39:14 -07:00
Michael Crosby
009ba4d797 Move testutils to pkg 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-05-22 17:08:38 -04:00
Michael Crosby
927517de36 Move dialer to pkg 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-05-22 13:32:25 -04:00
Michael Crosby
ae4b78d1cc Move progress into pkg 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-05-22 13:32:25 -04:00
Ricardo Aravena
f79e0171ca
Minor typo 
Signed-off-by: Ricardo Aravena <raravena80@gmail.com>
 2018-05-15 09:11:48 -07:00
Lantao Liu
5d29598a6d Fix workingset memory calculation. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-11 15:17:16 -07:00
Lantao Liu
a5d1332e8f Explicitly set rw for privileged container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-07 15:13:14 -07:00
Lantao Liu
5f4035ae2f
Merge pull request #754 from kolyshkin/mount 
os.Unmount: do not consult mountinfo
 2018-04-30 14:41:57 -07:00
Kir Kolyshkin
daeab40b45 os.Unmount: do not consult mountinfo, drop flags 
1. Currently, Unmount() call takes a burden to parse the whole nine yards
of /proc/self/mountinfo to figure out whether the given mount point is
mounted or not (and returns an error in case parsing fails somehow).

Instead, let's just call umount() and ignore EINVAL, which results
in the same behavior, but much better performance.

This also introduces a slight change: in case target does not exist,
the appropriate error (ENOENT) is returned -- document that.

2. As Unmount() is always used with MNT_DETACH flag, let's drop the
flags argument. This way, the only reason of EINVAL returned from
umount(2) can only be "target is not mounted".

3. While at it, remove the 'containerdmount' alias from the package.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2018-04-30 12:54:10 -07:00
Lantao Liu
279fa853a6 Always mount sysfs as rw. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-26 18:58:26 -07:00
Lantao Liu
daa9f6008c
Merge pull request #743 from Random-Liu/fix-sandbox-stop-race 
Fix sandbox stop race condition.
 2018-04-18 13:28:54 -07:00
Lantao Liu
856534c846 Fix sandbox stop race condition. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-18 10:12:33 -07:00
Lantao Liu
5cb4744f27 Fix portforward for host network. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-17 08:24:44 +00:00
Lantao Liu
69b3f3aeac Add socat back. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-11 01:53:24 +00:00
Lantao Liu
b09489de96
Merge pull request #727 from Random-Liu/fix-symlink-layer 
Support symlink layer in image import.
 2018-04-10 18:32:29 -07:00
Lantao Liu
9f85c48e4c Support symlink layer in image import. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-10 22:08:45 +00:00
Lantao Liu
3d0706c4e5
Merge pull request #691 from abhi/socat 
Getting rid of nsenter and socat
 2018-04-09 15:34:44 -07:00
abhi
02b952ec17 Getting rid of socat 
Signed-off-by: abhi <abhi@docker.com>
 2018-04-09 14:31:44 -07:00
Lantao Liu
304045491c
Merge pull request #725 from Random-Liu/fix-resolver-race 
Fix resolver race
 2018-04-09 13:10:44 -07:00
Lantao Liu
a68530c1e8 Port containerd fix #2276 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-09 18:36:06 +00:00
Lantao Liu
d8a3c5f254 Address comments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-09 18:15:09 +00:00
Lantao Liu
b2099c2061 Add cni config template support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-07 06:34:45 +00:00
abhi
aeef99a76e Using netns to perform socat 
This commit removes the usage of nsenter and uses netns
to perform socat operation.

Signed-off-by: abhi <abhi@docker.com>
 2018-04-05 13:28:00 -07:00
Mike Brown
c7793564fc switches from not CA signed to self CA signed for streaming TLS 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-04-02 17:50:12 -05:00
Mike Brown
2f9f721b63 adds a new flag to enable TLS support insecure for now 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-04-02 12:27:55 -05:00
Lantao Liu
ed20174ce4 Add RunAsGroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-30 22:26:07 +00:00
Lantao Liu
be43ad09da Fix a log output. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-28 21:31:44 +00:00
Lantao Liu
277edb2d3b Fix event monitor panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-27 01:41:35 +00:00
Lantao Liu
f0655ecfe0 Use pause image from new source. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-26 07:11:41 +00:00
Lantao Liu
356a41c424
Merge pull request #697 from Random-Liu/fs-layout-change 
adds volatile state directory to the fs plan for cntrs/pods/fifo
 2018-03-23 19:24:19 -07:00
Lantao Liu
f4c9ef2647 Add symlink follow into unmount util. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-24 01:25:31 +00:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-24 00:05:52 +00:00
Lantao Liu
aa83a7a0aa Change for new containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 23:03:16 +00:00
Lantao Liu
c6fecb2115
Merge pull request #688 from Random-Liu/cleanup-kata-code 
Address comments for privileged runtime code.
 2018-03-22 23:01:31 -07:00
Lantao Liu
ca67f94ee0 Address comments for privileged runtime code. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 02:17:46 +00:00
Lantao Liu
55d512b98c Make const private. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 00:48:50 +00:00
Lantao Liu
5ae4de1cc2
Merge pull request #681 from mikebrow/tls-config 
adds tls certificate to tls config
 2018-03-22 17:34:04 -07:00
Mike Brown
89adb74414 adds tls certificate to tls config 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-22 09:42:31 -05:00
Nitesh Konkar
6a542c596b Bump pause container to multi-arch gcr.io/google-containers/pause:3.1 
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
 2018-03-22 05:44:12 +00:00
Lantao Liu
9177cb16bc Remove omitempty from config json. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-21 07:28:25 +00:00
Jose Carlos Venegas Munoz
bdc5eee544 test: Add unit tests for privileged runtime functions 
- Add unit test for privilegedSandbox

- Add unit test  for getRuntime

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 18:04:23 -06:00
Jose Carlos Venegas Munoz
ca16bd601a runtime: Add trusted runtime option 
Some CRI compatible runtimes may not support provileged operations.
Specifically hypervisor based runtimes (like kata-containers, cc-runtime
and runv) do not support privileged operations like:

- Provide access to the host namespaces
- Create fully privileged containers with access to host devices

Hypervisor based runtimes create container workloads within virtual machines.
When a running host privileged containers using them,
they wont provide support to requested the privileged opertations.

This commits add the new options to define two runtimes:

Trusted runtime : Used when a privileged container is requested.
Default runtime : for non-privileged workloads.

A container that belongs to a privileged pod will inherent this property
an will be created with the trusted runtime.

- Add options to define trusted runtime
- Add logic to decide if a sanbox is trusted
- Export annotation containers below to a trusted sandbox

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 13:56:49 -06:00
Lantao Liu
387da59ee5 Rename all variables to remove "cricontainerd". 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-19 21:59:32 +00:00
Lantao Liu
e1fe1abff0 Use github.com/pkg/errors 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-17 02:24:38 +00:00
abhi
2bdf428eb7 Removing DAD config and updating plugins to v0.7.0 
Signed-off-by: abhi <abhi@docker.com>
 2018-03-16 14:46:46 -07:00
Lantao Liu
1dcbf4f742
Merge pull request #663 from abhi/cni 
Moving to use go-cni library from containerd
 2018-03-15 17:53:50 -07:00
Lantao Liu
5e5a5f50d1
Merge pull request #671 from Random-Liu/ctrcri-to-ctr-cri 
Ctrcri to ctr cri
 2018-03-15 17:14:59 -07:00
abhi
003bbd4292 Modifying fake cni plugin 
Signed-off-by: abhi <abhi@docker.com>
 2018-03-15 17:05:33 -07:00
Lantao Liu
7e67d96b9b Replace ctrcri with ctr cri. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-15 23:22:00 +00:00
Lantao Liu
d389af83a9 Cleanup event backoff. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-15 18:49:36 +00:00
yanxuean
c751847350 Handle containerd event reliably 
fix #434

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-03-15 17:14:02 +08:00
yanxuean
7583bce4ab some comments 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-03-15 15:55:54 +08:00
abhi
92110e1d74 Moving to use go-cni library from containerd 
This fix aims to use the cni library form containerd.
The library avoid usage of nsenter.

Signed-off-by: abhi <abhi@docker.com>
 2018-03-14 19:25:54 -07:00
Mike Brown
d4e7154625 move links for cri-containerd to cri 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-13 17:06:26 -05:00
Lantao Liu
f0a500a390 Use direct function call. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-13 04:51:19 +00:00
Lantao Liu
80b2f751d3
Merge pull request #654 from stevvooe/simplify-stopch 
pkg/store: use a sync.Once to synchronize channel close
 2018-03-09 15:29:32 -08:00
Lantao Liu
e20c6eb8a8
Merge pull request #558 from Random-Liu/report-containerd-version 
Report containerd version instead of cri-containerd version.
 2018-03-09 15:25:32 -08:00
Stephen J Day
4ed26f3116
pkg/store: use a sync.Once to synchronize channel close 
Signed-off-by: Stephen J Day <stephen.day@docker.com>
 2018-03-09 14:43:16 -08:00
Abhinandan Prativadi
1f28f8d2fe
Merge pull request #650 from Random-Liu/fix-resolver 
Handles 401 in resolver.
 2018-03-07 10:59:43 -08:00
Lantao Liu
40c8372f0e Handles 401 in resolver. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-07 07:35:02 +00:00
Lantao Liu
f01c6d73a6 Fix cleanup context. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-07 07:05:27 +00:00
Lantao Liu
d3b112a989
Merge pull request #639 from Random-Liu/remove-standalone-mode 
Remove standalone mode
 2018-03-05 17:23:06 -08:00
Lantao Liu
ceb540d823 Fix potential panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-05 22:09:58 +00:00
Lantao Liu
d1e9960180 Remove standalone mode 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-05 21:45:20 +00:00
Lantao Liu
36b4c05354 Report containerd version instead of cri-containerd version. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-01 01:26:37 +00:00
Lantao Liu
f5390d01d6 Fix a potential panic 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-22 03:17:16 +00:00
Lantao Liu
6d538ccbf6 Do not block on stream server close. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-14 08:41:29 +00:00
Lantao Liu
a8264ec035 Support reopening container log. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-13 17:57:45 +00:00
Lantao Liu
6900cbdada Use mountpoint as image fs identifier. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-09 07:46:49 +00:00
Mike Brown
6e1c57ec01 update runc vendor and containerd 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-02-08 19:01:48 -06:00
Lantao Liu
46fc92f65f Use new namespace mode and support shared pid namespace. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-08 03:10:57 +00:00
Lantao Liu
605b4a7b6a Update imports 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-08 02:45:44 +00:00
Lantao Liu
047df7aca6
Merge pull request #602 from mikebrow/critools-install-minor-update 
update critools
 2018-02-07 18:44:37 -08:00
Mike Brown
edb2b2379d change crictl sandboxes to pods; other references to sandboxes 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-02-07 17:23:59 -06:00
Lantao Liu
8925ef90be Use trace support in containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-07 19:17:26 +00:00
Lantao Liu
2b8800df2b
Merge pull request #592 from Random-Liu/fix-registry-mirror 
Fix registry mirror.
 2018-02-02 15:37:29 -08:00
Lantao Liu
92995e29e5 Fix registry mirror. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-02 22:52:36 +00:00
Lantao Liu
d113c16802 Update ocicni to my fork. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-02 19:45:26 +00:00
Lantao Liu
7ddd9255b6 Add golang version in Status info. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-01 20:10:39 +00:00
Abhinandan Prativadi
8094fe69d4
Merge pull request #531 from abhi/registry-mirror 
Adding Registry Mirror support
 2018-01-31 13:01:25 -08:00
abhi
f3ccd85891 Adding Registry Mirror support 
This commit aims to add registy mirror support similar to
docker. The UI is similar to docker where user can
provide mirror urls and the image resolves against the provided
mirrors before fetching from default docker regitry mirror url.

Signed-off-by: abhi <abhi@docker.com>
 2018-01-31 10:47:34 -08:00
yason
6931a69881 add filter for containerd event 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-01-30 14:13:22 +08:00
Lantao Liu
4dfd8250fd Fix a privileged check. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-27 02:25:52 +00:00
Yanqiang Miao
61c1fdb098 Use channel to propagate the stop info of sandbox 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-01-26 16:58:13 +08:00
Lantao Liu
f401662123
Merge pull request #571 from Random-Liu/do-not-list-task 
Avoid containerd access as much as possible.
 2018-01-25 16:13:43 -08:00
Lantao Liu
df58d6825d Avoid containerd access as much as possible. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-25 23:36:00 +00:00
Lantao Liu
e7f2a74a84 Add runtime cgroup and fix a cli panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-25 22:32:57 +00:00
Yanqiang Miao
c663d2423e Use channel to pass the stop info instead of polling for container stop 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-01-25 11:07:54 +08:00
Lantao Liu
635e5747c0 Update containerd and leverage plugin graceful stop. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-23 22:46:46 +00:00
Lantao Liu
2b6f084f36 Disable IPv6 dad by default. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-22 23:54:16 +00:00
Lantao Liu
4e9ca399e1 Use containerd plugin config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-19 02:25:03 +00:00
Lantao Liu
7d18d61674 Move cgroup and oom score setting to cmd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-19 01:35:36 +00:00
Lantao Liu
74d8880032
Merge pull request #552 from Random-Liu/use-containerd-grpc-server 
Use containerd grpc server
 2018-01-18 12:36:05 -08:00
Lantao Liu
62e6921145 Use containerd grpc server 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-18 18:51:18 +00:00
Lantao Liu
6fadb7f5e9 Minor code cleanup. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-18 07:31:16 +00:00
Lantao Liu
3d68005c04 Replace glog with logrus 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-17 21:57:31 +00:00
Lantao Liu
383a89b948 Add flags and utils for logrus 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-17 21:57:31 +00:00
Jose Carlos Venegas Munoz
b383b0261a Annotations: Provide container metadata for VM based runtimes 
For hypervisor-based container runtimes (like Kata Containers, Clear Containers
or runv) a pod will be created in a VM and then create containers within the VM.

When a runtime is requested for container commands like create and start, both
the instal "pause" container and next containers need to be added to the pod
namespace (same VM).

A runtime does not know if it needs to create/start a VM or if it needs to add a
container to an already running VM pod.

This patch adds a way to provide this information through container annotations.
When starting a container or a sandbox, 2 annotations are added:

- type (Container or Sandbox)
- sandbox name

This allow to a VM based runtime to decide if they need to create a pod VM or
container within the VM pod.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-01-17 09:57:20 -06:00
Lantao Liu
cdb1bf0946 Use new cio package. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-12 22:35:24 +00:00
Lantao Liu
8782f18d50 Add integration test for volume copy up. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-11 19:10:52 +00:00
Lantao Liu
54b3b4e0b0 Use graphdriver/copy instead of chrootarchive 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-11 19:10:11 +00:00
Lantao Liu
025ffe551f Rename kubernetes-incubator/cri-containerd to containerd/cri-containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-10 22:35:33 +00:00
Lantao Liu
5bfa5e451a
Merge pull request #528 from cpuguy83/skip_selinux_test 
Minor cleanup on selinux test
 2018-01-09 16:30:41 -08:00
Brian Goff
2a07847d67 Use t.Run() instead of t.Log() for subtest log 
Signed-off-by: Brian Goff <brian.goff@docker.com>
 2018-01-09 15:45:13 -05:00
Brian Goff
96484eb3e7 Use t.Skip() when selinux is not enabled 
Signed-off-by: Brian Goff <brian.goff@docker.com>
 2018-01-09 15:43:56 -05:00
Lantao Liu
dca05358dc Add flag to skip imagefs uuid related logic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-08 18:41:13 +00:00
Lantao Liu
aee7a366f3
Merge pull request #525 from abhi/cniip 
Caching IP allocated by CNI plugin
 2018-01-05 00:27:48 -08:00
abhi
f1dbc0b375 Caching IP allocated by CNI plugin 
Signed-off-by: abhi <abhi@docker.com>
 2018-01-04 20:00:55 -08:00
Lantao Liu
31bc964195 Enable HostSpecific option in runtime-tools generator. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-03 19:04:47 +00:00
Lantao Liu
cebe1b39f7 Remove default rlimits. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-02 18:53:01 +00:00
Lantao Liu
b701b0e496 Add our own DeepCopy. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-16 00:23:14 +00:00
Lantao Liu
737efe70a7
Merge pull request #493 from Random-Liu/minor-cleanup 
Minor cleanup.
 2017-12-12 23:30:47 -08:00
Lantao Liu
e4753edf0a Minor cleanup. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-13 03:15:01 +00:00
yason
6c9a837b7a cleanup some comment for removeImage 
Signed-off-by: yason <yan.xuean@zte.com.cn>
 2017-12-13 10:07:52 +08:00
Lantao Liu
a9c7237e67
Merge pull request #470 from mikebrow/debug-image 
adding info map for verbose image status
 2017-12-12 15:09:57 -08:00
Mike Brown
31223fd5b1 adds oci image spec to image info placed into imagestore 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-12-12 15:58:07 -06:00
Lantao Liu
cbda4256cd
Merge pull request #487 from yanxuean/image-improve 
improve image
 2017-12-12 11:58:43 -08:00
Mike Brown
03ac989644 adding info map for verbose image status 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-12-12 13:44:08 -06:00
Lantao Liu
c9b279bb79
Merge pull request #479 from Random-Liu/improve-container-sandbox-status 
Improve container sandbox status
 2017-12-12 11:42:51 -08:00
yason
5f6d9a5fcc reliably remove image when content missing 
Signed-off-by: yason <yan.xuean@zte.com.cn>
 2017-12-12 18:44:59 +08:00
yason
4762b3e273 remove taskService and imageStoreService 
Signed-off-by: yason <yan.xuean@zte.com.cn>
 2017-12-12 16:51:22 +08:00
Lantao Liu
f4c572fba7 Add restart test for sandbox recovery. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-11 21:21:08 +00:00
Lantao Liu
dd017e6e6c Move less important function to the end. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-11 18:45:57 +00:00
Lantao Liu
b25b06577e Improve container and sandbox status. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-11 18:45:56 +00:00
yason
41c8763e2b improve calling for content 
Signed-off-by: yason <yan.xuean@zte.com.cn>
 2017-12-11 15:28:10 +08:00
Mike Brown
220411b73b adding info map for verbose pod status 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-12-05 19:40:39 -06:00
Lantao Liu
11eb24c26f
Merge pull request #475 from Random-Liu/order-container-status-fields 
Use one big info struct before we change info to an array.
 2017-12-05 14:37:36 -08:00
Lantao Liu
85b943eb47 Use one big info struct before we change info to an array. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-05 21:37:12 +00:00
Lantao Liu
266e49a3bf
Merge pull request #471 from yanxuean/improve-unmount 
Improve unmount for snapshot
 2017-12-05 09:54:05 -08:00
yason
2a25cf7c1f sync Unmount for snapshot 
best effort to remove temp dir for snapshot

Signed-off-by: yason <yan.xuean@zte.com.cn>
 2017-12-05 19:05:32 +08:00
Lantao Liu
572e354a2d Revert debug code. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-05 07:40:11 +00:00
Lantao Liu
562eb725c7
Merge pull request #458 from mikebrow/boilerplate-update 
fixes for boilerplate
 2017-12-04 10:03:41 -08:00
Mike Brown
bd6d530290
Merge pull request #463 from Random-Liu/dump-rootfs 
Check and dump rootfs.
 2017-12-03 09:23:04 -06:00
Lantao Liu
a23bdf25d8 Check and dump rootfs. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-03 11:39:54 +00:00
abhi
43c05efb22 Revert: Setting containerd shim cgroup same as pod cgroup 
Signed-off-by: abhi <abhi@docker.com>
 2017-12-01 16:03:38 -08:00
Mike Brown
009e40f280 correct some boilerplates 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-12-01 16:56:25 -06:00
Lantao Liu
181d7d5076 Move shim cgroup opts to pkg/containerd/opts. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-01 19:18:26 +00:00
abhi
0d6774f4af Setting containerd shim cgroup same as pod cgroup 
Signed-off-by: abhi <abhi@docker.com>
 2017-12-01 08:33:50 -08:00
Lantao Liu
0db6e04ba1
Merge pull request #447 from Random-Liu/update-containerd 
Update containerd to fix long exec issue.
 2017-11-30 12:58:24 -08:00
Lantao Liu
5ed43ea1a3 Update containerd to fix long exec issue. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-30 19:24:14 +00:00
Lantao Liu
dc7066d23f
Merge pull request #445 from mikebrow/debug-container 
adding some verbose debug
 2017-11-30 11:15:34 -08:00
Mike Brown
33b93fb1d0 adding some verbose debug 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-11-30 09:51:03 -06:00
Lantao Liu
200ba370a3
Merge pull request #438 from yanxuean/import-lease 
add lease for importer
 2017-11-29 10:18:37 -08:00
yanxuean
089df25492 add lease for importer 
fix #389

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-11-29 14:02:54 +08:00
Lantao Liu
5f0fba4204 Update containerd and add synchronous image deletion. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-28 22:44:25 +00:00
Mike Brown
4934098e27
Merge pull request #440 from dnephin/use-oci-package 
Use containerd.oci package
 2017-11-28 16:41:26 -06:00
Daniel Nephin
85d3bf0660 Use SpecOpts from new oci package 
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
 2017-11-28 15:30:11 -05:00
Brian Goff
f6fe36d17a Remove explicit unpack on all container creates 
This only performs an unpack if there is an error when creating the
container snapshot (and only if it's a "not found' error) since it should
already be unpacked.

Signed-off-by: Brian Goff <brian.goff@docker.com>
 2017-11-28 14:28:20 -05:00
Lantao Liu
4b4714eaca
Merge pull request #432 from mikebrow/vet-fixes 
fixing vet errors
 2017-11-27 12:03:30 -08:00
Lantao Liu
80c7d18703
Merge pull request #431 from Random-Liu/update-containerd 
Update containerd
 2017-11-27 12:03:18 -08:00
Lantao Liu
1b05f088b5
Merge pull request #375 from yanxuean/image-trunc 
support get image by truncindex
 2017-11-27 11:36:58 -08:00
yanxuean
50cb8a0571 update containerd for refactor 
fix #423

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-11-27 19:24:14 +00:00
Mike Brown
983994dc87 fixing vet errors 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-11-27 13:13:21 -06:00
yanxuean
b4ebf2d7a7 improve localResolve 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-11-23 10:56:12 +08:00
yanxuean
cbe7f0dd5a use docker.digestSet store image truncid 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-11-23 10:55:59 +08:00
Lantao Liu
6104fcba3c
Merge pull request #421 from Random-Liu/add-new-cri-log-support 
Add new cri log support
 2017-11-21 13:09:57 -08:00
Lantao Liu
48726ecd27 Add support for CRI partial log. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-21 19:24:12 +00:00
Lantao Liu
76268ea242 Do not remove sandbox when netns is not closed. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-21 01:22:19 +00:00
Lantao Liu
3f80fe06ef Add simple unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-16 23:04:33 +00:00
Lantao Liu
03aca5e82b Fix data race. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-14 05:35:44 +00:00
Lantao Liu
57f37ca66e Print full container spec for debugging. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-13 23:36:12 +00:00
Lantao Liu
01493463db Fix streaming deadlock. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-13 05:51:14 +00:00
Lantao Liu
3557cffbbb Fix container exec 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-10 21:03:29 +00:00
Lantao Liu
e41b6d3c24 Refactor container io code 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-10 21:03:29 +00:00
Lantao Liu
c4931c8409 Keep stdin open instead of opening when use it. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-09 09:28:30 +00:00
Lantao Liu
2433ae7539
Merge pull request #393 from abhi/labels 
Adding kube pod and container labels to containerd
 2017-11-07 23:39:20 -08:00
abhi
cd5886d647 Adding kube pod and container labels to containerd 
Currently we have the pod and container labels part of
containerd metadata extensions. However for third party users
like cadvisor that depend on standard kube labels will need
to be aware of the way metadata is stored in containerd to
fetch the labels.

Signed-off-by: abhi <abhi@docker.com>
 2017-11-07 22:19:19 -08:00
Lantao Liu
affc6e93a8
Merge pull request #397 from yanxuean/trunc-for-list 
Add truncindex for filter in List and Stat
 2017-11-07 00:41:03 -08:00
yanxuean
12bbbc0edc add unit test for listcontainer and listpodsandbox 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-11-07 15:57:29 +08:00
Lantao Liu
75e97dd168 Reverse the wrong logic for tty. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-07 02:03:44 +00:00
Lantao Liu
b9d4eda403
Merge pull request #401 from Random-Liu/add-comment 
Add comment for #398.
 2017-11-06 14:09:50 -08:00
Lantao Liu
68e74dc16a
Merge pull request #394 from Random-Liu/fix-container-streaming 
Various fixes for container streaming.
 2017-11-06 14:09:30 -08:00
Lantao Liu
6f97764171 Add comment for #398. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-06 20:54:50 +00:00
Lantao Liu
eec818e6ab Various fixes for container streaming. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-06 20:50:50 +00:00
Lantao Liu
e363c218d6
Merge pull request #395 from Random-Liu/fix-image-in-container-status 
Return image tag as image spec.
 2017-11-06 10:55:37 -08:00
Justin Cormack
913836474b Remove comment about whether other paths should be read only with ro root 
Since https://github.com/moby/moby/pull/35344 we clarified that this behaviour
was a mistake, and the read only flag should just apply to the actual rootfs,
so it corresponds to the OCI read-only option. Other mounts may be able to be
adjusted by re-specifying them or other means but this is unrelated.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2017-11-06 14:21:16 +00:00
yanxuean
6234337459 Add truncindex for filter in List and Stat 
fix #344
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-11-06 16:47:43 +08:00
Lantao Liu
050ee1de95 Return image tag as image spec. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-06 06:05:49 +00:00
Lantao Liu
74abfe349d Add crictl config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-06 05:28:58 +00:00
Lantao Liu
9f2de2cd02
Merge pull request #382 from miaoyq/return-config 
"Status" function return cri-containerd config in json format
 2017-11-02 20:41:31 -07:00
Lantao Liu
e19e043a4c
Merge pull request #386 from Random-Liu/fix-spammy-cni-log 
Get rid of spammy CNI log.
 2017-11-02 20:40:50 -07:00
Yanqiang Miao
9b71208be9 "Status" function return cri-containerd config in json format 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-11-03 09:23:05 +08:00
Lantao Liu
73c2cb5632 Fix spammy CNI log. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-03 01:08:07 +00:00
Mike Brown
df6f4a3655 adds help for load command (#383) 
* adds help for load command

Signed-off-by: Mike Brown <brownwm@us.ibm.com>

* vendor restrom/dedent

Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-11-02 15:38:24 -07:00
Lantao Liu
8679d10733
Merge pull request #380 from Random-Liu/fix-deadlock 
Do not call `Usage` inside `Walk`.
 2017-11-01 22:04:10 +01:00
Lantao Liu
2453c03daa Do not call Usage inside Walk. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-11-01 18:11:11 +00:00
Lantao Liu
2cb1572667
Merge pull request #379 from yanxuean/unpack 
Use image.IsUnpacked
 2017-11-01 07:50:12 +01:00
yanxuean
9027a02e8e Use image.IsUnpacked 
fix #361
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-11-01 13:51:25 +08:00
Lantao Liu
4eaaee380f Fix removing state recover. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-31 20:03:58 +00:00
Lantao Liu
4e6e1cab0d Add the missing container log path in container status. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-30 06:03:52 +00:00
Lantao Liu
1d14c11dcb
Merge pull request #368 from Random-Liu/not-log-output 
Do not log container output in error log.
 2017-10-28 05:50:14 +02:00
Lantao Liu
f2fa351a1f Do not log container output in error log. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-28 02:16:43 +00:00
Lantao Liu
6cded68bac
Merge pull request #360 from Random-Liu/add-image-load 
Add image load
 2017-10-28 00:43:20 +02:00
Lantao Liu
25fdf72692 Add image load. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-27 21:51:04 +00:00
Lantao Liu
32806fa375 Fix a log line and also set containerd log level to debug in node e2e. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-27 07:21:37 +00:00
Lantao Liu
f10cc58362 Revert "Put containerd-shim into pod cgroup" 
This reverts commit e9cf1d5909.

Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-27 05:33:55 +00:00
Lantao Liu
5e74cba0f0 Add log of generated id for debugging. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-27 00:11:16 +00:00
Lantao Liu
6c6b337e87 Merge pull request #358 from Random-Liu/unpack-when-creation 
Also unpack image during creation.
 2017-10-26 22:44:07 +02:00
Lantao Liu
acc3f74d5c Also unpack image during creation. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-26 17:57:53 +00:00
Yanqiang Miao
e9cf1d5909 Put containerd-shim into pod cgroup 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-10-26 10:17:12 +08:00
Lantao Liu
698f0ea2ae Merge pull request #345 from yanxuean/imagereadiness 
check image readiness when recover
 2017-10-23 16:09:14 +02:00
yanxuean
9d06ac0e2b check image readiness when recover 
fix #303

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-10-23 19:21:39 +08:00
Ian Campbell
d75e0882c4 typo: subtract not substract. 
Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-10-13 09:50:17 +01:00
yanxuean
3887b0a1a0 Add a flag to set OOMScore 
fix #337
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-10-12 16:43:35 +08:00
Lantao Liu
885024f987 Merge pull request #295 from miaoyq/use-mount-lookup 
Get the mountInfo by 'LookupMount' in containerd
 2017-10-11 21:05:39 -07:00
Lantao Liu
61d598d00f Merge pull request #235 from yanxuean/truncindex 
Add Truncindex for container, sandbox and image
 2017-10-11 21:03:16 -07:00
Yanqiang Miao
c65921b16a Get the mountInfo by 'LookupMount' in containerd 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-10-12 11:09:24 +08:00
yanxuean
5ee3423820 add truncindex 
fix #222

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-10-12 10:32:20 +08:00
Lantao Liu
e4b818ff41 Merge pull request #342 from Random-Liu/update-kubernetes-containerd 
Update kubernetes and containerd.
 2017-10-11 00:23:24 -07:00
Lantao Liu
bde8b0517e Update kubernetes and containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-11 06:16:19 +00:00
Lantao Liu
6cb3d27ed3 Use device number to find uuid 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-09 06:10:43 +00:00
Lantao Liu
09d7d652e6 Change Version to return cri-containerd version instead. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-07 00:47:51 +00:00
Lantao Liu
e78c85f76b Use new container update function 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-06 17:57:26 +00:00
Lantao Liu
3a5ec1cf6e Merge pull request #328 from Random-Liu/fix-container-stats-panic 
Fix container stats panic.
 2017-10-04 21:45:19 -07:00
Lantao Liu
94b68ae662 Fix container stats panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-05 02:18:19 +00:00
Lantao Liu
0bcc95e4a1 Skip not exist image volume directory. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-04 22:43:24 +00:00
Lantao Liu
23b8330b44 Merge pull request #322 from miaoyq/fix-314 
Update kubernetes version to the PR#52395 and support `unconfined` apparmor
 2017-10-04 10:49:56 -07:00
Yanqiang Miao
9f656cdda4 Support unconfined apparmor 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-10-04 09:50:27 +08:00
Lantao Liu
a81a47bf9b Fix update container resources 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-03 06:03:39 +00:00
Lantao Liu
a7b78d7622 Merge pull request #297 from ijc/use-stat-for-device-uuid-comparison 
Use stat_t.st_rdev to compare block devices
 2017-09-28 11:30:34 -07:00
Abhinandan Prativadi
1784b073bc Merge pull request #301 from Random-Liu/fix-container-stats 
Fix container stats.
 2017-09-28 06:02:42 -07:00
Lantao Liu
de6287d626 Fix container stats. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-28 05:49:44 +00:00
Lantao Liu
d6e04d871e Merge pull request #300 from Random-Liu/improve-some-error-message 
Better format several errors
 2017-09-27 22:47:15 -07:00
Lantao Liu
517f697f62 Better format several errors 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-28 01:15:06 +00:00
Lantao Liu
e723a5018b Merge pull request #293 from Random-Liu/cleanup-container-metrics 
Fix and cleanup container metrics
 2017-09-27 17:17:46 -07:00
Lantao Liu
97b6e82d98 Fix and cleanup container metrics 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-27 23:43:00 +00:00
Ian Campbell
11714fb6a3 Use stat_t.st_rdev to compare block devices 
I implemented /dev/disk/by-uuid on my platform but using absolute links (where
udev typically uses relative) which broke the code in `os.DeviceUUID`.

Rather than just patch that up directly instead stat both the target and
candidate devices and pick one with matching major:minor in st_rdev. This saves
manually building paths to resolve symlinks and I think should be more robust
overall.

I also removed the initial stat of /dev/disk/by-uuid, I believe
`ioutil.Readdir` will correctly return an error if the path does not exist.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-27 16:17:57 +01:00
Abhinandan Prativadi
66693196ac Setting timestamp for cpu and memory stats in nano seconds 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-09-27 07:06:25 -07:00
Lantao Liu
0e6e593481 Merge pull request #275 from mikebrow/config-for-containerd 
Adds support for configuring the containerd runtime engine
 2017-09-26 20:04:13 -07:00
Mike Brown
d8a3c6b018 adds support for configuring the containerd runtime engine 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-26 20:22:51 -05:00
Lantao Liu
e7a5001c3e Merge pull request #265 from abhinandanpb/metrics 
Adding container metrics support
 2017-09-26 13:57:17 -07:00
Abhinandan Prativadi
d0298944eb Adding container metrics 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-09-26 12:03:08 -07:00
Lantao Liu
cd57d063c5 Add systemd cgroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-26 06:44:30 +00:00
Lantao Liu
4231473df3 Address comments 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 23:09:44 +00:00
Lantao Liu
21233b22be Check seccomp enable and add unit test for seccomp/apparmor. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 23:09:26 +00:00
Lantao Liu
491400c892 Add ImageFsInfo support 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 21:02:29 +00:00
Lantao Liu
6363207315 Merge pull request #272 from Random-Liu/improve-selinux-apparmor-support 
Improve apparmor and selinux support.
 2017-09-22 15:09:59 -07:00
Lantao Liu
dd967cde8c Improve apparmor and selinux support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-22 20:46:31 +00:00
Lantao Liu
1fd8c2ffc3 Merge pull request #270 from Random-Liu/fix-checkpoint-recovery 
Fix checkpoint recovery.
 2017-09-22 00:48:00 -07:00
Lantao Liu
10df5f71a7 Merge pull request #212 from miaoyq/related-selinux 
Add build tags and Improve the test case of selinux
 2017-09-21 21:07:53 -07:00
Yanqiang Miao
7096027d21 Add build tags and Improve the test case of selinux 
- Add build tags
- Fixes a bug because of my negligence
- Improve the test case of selinux

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

test
 2017-09-22 11:39:32 +08:00
Mike Brown
78a925f57b vendor for new seccomp helpers 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-21 17:37:50 -05:00
Mike Brown
c0a2d152d9 adds seccomp support 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-21 17:22:11 -05:00
Lantao Liu
ce9d27bd94 Fix checkpoint recovery. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 21:10:38 +00:00
Lantao Liu
e132f9c1ea Should register container/sandbox name after restart. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 21:06:24 +00:00
Lantao Liu
9015b6ec68 Merge pull request #209 from Random-Liu/checkpoint-recovery 
Checkpoint recovery
 2017-09-21 11:32:49 -07:00
Lantao Liu
cc1b0b6709 Add restart recovery logic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 17:59:46 +00:00
Lantao Liu
90d6e44c22 Merge pull request #267 from Random-Liu/fix-apparmor 
Fix apparmor empty case.
 2017-09-20 21:53:28 -07:00
Lantao Liu
dd3421c3c7 Fix apparmor empty case. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 04:07:39 +00:00
Lantao Liu
5dbba596e6 Merge pull request #260 from yanxuean/use-containerd-extension 
Switch to containerd extension
 2017-09-20 10:36:57 -07:00
yanxuean
e1a7a0ea76 Switch to containerd extension 
fix #251

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-09-21 00:15:10 +08:00
Lantao Liu
a2dbc6ec1c Merge pull request #261 from ijc/volume-copyup 
Implement volume copy up.
 2017-09-20 02:30:36 -07:00
Lantao Liu
9c533dca14 Merge pull request #262 from ijc/sandbox-getip-improvements 
Do not attempt to retrieve IP from host network namespace
 2017-09-20 02:22:07 -07:00
Ian Campbell
9c3c38d9ab Do not attempt to retrieve IP from host network namespace 
Since sandboxes which use the host network have no network namespace path this
would result in an invalid invocation of nsenter.

Rework the fetching of the sandbox to take this into account and also avoid
trying to get an IP when the network plugin is not yet ready.

Fixes #245.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-20 09:53:56 +01:00
Ian Campbell
8c6ba35038 Implement volume copy up. 
This pulls in and uses github.com/docker/docker/pkg/chrootarchive for the
actual copy up which is some battle hardened code to unpack avoiding things
like symlink traversal security issues.

However it does pull in a pretty huge pile of vendoring, including
github.com/docker/docker/pkg/reexec which we must then call at startup. It's
not immediately clear that this tradeoff is the correct one.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-20 09:52:27 +01:00
Lantao Liu
45f98a0b39 Fix one line of log, we are writing not reading. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-19 18:53:45 +00:00
Lantao Liu
437131299b Merge pull request #230 from miaoyq/ensure-mount-shared-slave 
Ensure the mount point is propagated
 2017-09-19 00:56:27 -07:00
Yanqiang Miao
49eb38a5d4 Ensure the mount point is propagated 
mount with `rshared`, the host path should be shared.
mount with `rslave`, the host pash should be shared or slave.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-19 14:21:21 +08:00
Lantao Liu
06a305d7ea Merge pull request #255 from Random-Liu/use-config-in-service 
Use config in service.
 2017-09-17 22:37:06 -07:00
Lantao Liu
8a03d551da Merge pull request #252 from abhinandanpb/rshared 
Setting rootfs mount propagation if the mount type is rshared/shared
 2017-09-17 12:23:39 -07:00
Abhinandan Prativadi
abba4e22f6 Setting rootfspropagation if the mount type shared or slave 
This is needed by runc to mount volume for containers that expect
biderectional file updates or host to container updates.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-09-17 09:59:45 -07:00
Lantao Liu
71b0d0a043 Use config in service. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-17 06:46:40 +00:00
Lantao Liu
cd27050425 Add image volume support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-15 11:25:55 +01:00